[ISN] FBI information systems still at 'substantial risk,' officials say

From: InfoSec News (isnat_private)
Date: Thu Apr 11 2002 - 00:57:19 PDT

  • Next message: InfoSec News: "[ISN] Eight new IIS security holes exposed"

    http://www.govexec.com/dailyfed/0402/040902td1.htm
    
    By Maureen Sirhal
    National Journal's Technology Daily 
    April 9, 2002 
    
    The FBI runs major risks of having its information systems infiltrated 
    despite the agency's recent overhaul efforts, top FBI officials said 
    Tuesday.
    
    After the capture of Robert Hanssen, who worked at the FBI for more 
    than 20 years while spying for the Soviet Union, the FBI has taken 
    steps to bolster its security and revamp its information management 
    practices. But Kenneth Senser, the FBI's assistant director for 
    security, told members of the Senate Judiciary Committee that the 
    agency, along with other U.S. intelligence departments, still suffers 
    from the threat of security breaches. 
    
    "I think we are still at substantial risk relative to what we have to 
    do," Senser said. "I do think this is a period of time that we will 
    have to build expertise [to] ... bring the matter under control." 
    
    But he noted that the bureau has a greater chance today than a year 
    ago of finding a potential spy. 
    
    Committee Chairman Patrick Leahy, D-Vt., said it is vital that the FBI 
    take measures to properly secure sensitive data, especially national 
    security information obtained through Foreign Intelligence Security 
    Act (FISA) searches. 
    
    "I cannot underscore how much attention I want given to this," he 
    said. In light of new surveillance powers granted to the FBI under 
    anti-terrorism legislation, Leahy said the FBI must repair its 
    handling of intelligence data and follow proper procedures. 
    
    Sen. Richard Durbin, D-Ill., expressed dismay over the weak state of 
    information technology at the bureau revealed by the Commission for 
    the Review of FBI Security Programs, also known as the Webster 
    Commission. Former FBI Director Louis Freeh convened the commission to 
    comprehensively review the securities lapses at the FBI and make 
    recommendations. 
    
    Durbin chastised the Office of Management and Budget, which he said 
    was trying to thwart new spending initiatives to bolster technology 
    capabilities at the FBI. 
    
    Judge William Webster, the former director of the FBI and CIA who 
    chaired the commission, cited the need to integrate security into the 
    bureau's daily procedures. That requires better education and training 
    of employees, as well as an improved information system, he said.
    
    He noted that such precautions might have snared Hanssen earlier, and 
    he applauded provisions of a bill, S. 1974, that would implement many 
    of the Webster Commission's recommendations. 
    
    The FBI officials highlighted measures taken to bolster security, such 
    as the creation of counter-intelligence and security divisions. The 
    FBI also is improving worker training and making greater efforts to 
    modernize its computer and data systems. Senser noted that the agency 
    is readying its information systems to eventually support technologies 
    such as a public key infrastructure. 
    
    Senser said the FBI has not conducted a "big picture" cost analysis of 
    necessary funds to enhance its security. Congress has allocated more 
    than $56 million to the bureau as part of the counter-terrorism 
    supplemental package enacted shortly after the Sept. 11 terrorist 
    attacks. The FBI requested $78 million for fiscal 2003 to bolster data 
    management.
    
    Sen. Mike DeWine, R-Ohio, said that although Congress would hear the 
    FBI's concerns, the burden of boosting the historically underfunded 
    FBI would fall to the agency. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Apr 11 2002 - 03:23:06 PDT